Cross-site Scripting Vulnerability in .Net Framework

["Microsoft Security Response Center" <secure () microsoft com>]

-----BEGIN PGP SIGNED MESSAGE-----

Hi All -

Wanted to provide some information about the Cross-Site Scripting
issue that was reported on 04 February
(http://www.securityfocus.com/archive/1/254001).  The flaw only
existed in beta versions of the .NET Framework, and is not present in
the final version of the product, which is available for download
from MSDN.  We encourage any site administrators who are using beta
versions to upgrade to the final version.

Microsoft's web site was affected because Microsoft is an early
adopter of its own technology.  Although we have been upgrading our
web site to the released version of .Net Framework, the upgrade was
not complete when the information about the vulnerability was made
public.  We have taken interim steps to prevent the vulnerability
from being exploited, and have expedited the upgrade.

Regarding the claim that Microsoft was alerted to this vulnerability
six months ago, we have checked our archives but can find no record
of having received any information on this subject at
Secure () microsoft com.  Regards,

Microsoft Security Response Center

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQEVAwUBPGIAQI0ZSRQxA/UrAQF+pgf/fH50K7fntwMOtSAeGv4deHLqbFhfJTdF
v0Gvpezk5sS3xwe/9R9xEm+o25SQ+aw6KsjEF8WUmQXB/heqyXPpx1w3i05McHiV
q0f2jiGbkiOpgw8lBsA6QtkF2tSGmVRLYDJVDIBrMkiM4MCibWzGlWQ1rzmKdnAa
9YGDhyb82jIyaaXqB8Xm9WjJqWEM1doPUyNi3s8oXaAvksnJlt9RkntAsnIBjMMa
tQ/bn49f8WDrSC7nbYCXwzN3nuVQUbGvG19uBl+JHhtOsZn0M2BBy6W1+z/nGFWV
eTkILXjvsTQDaoLki5UUsKxhC9s6NomQvKXt2vpjxj6LnTFB+wI8cg==
=Nfkh
-----END PGP SIGNATURE-----